Happy Health privacy policy

Your privacy and the law

Happy Health Australia Pty Ltd [Happy Health] is committed to protecting and maintaining the privacy of your personal information. We are bound by the Australian Privacy Principles as outlined in the Privacy Act 1988 (Commonwealth), Health Records and Information Privacy Act 2002 (HRIP Act) and any relevant health and state legislation.

The Privacy Act 1988 (Commonwealth) is an Australian law which regulates the handling of personal information about individuals. This includes the collection, use, storage and disclosure of personal information. The Health Records and Information Privacy Act 2002 (HRIP Act) applies to organisations that are health service providers that collect, hold or use health information. This includes hospitals, doctors, other health service providers and any other organisations that handle your health information. This can include universities, a gym that records information about your health, or even your physiotherapist.

Collecting and managing your personal information

Your personal information, including sensitive information will be collected as deemed appropriate for the purpose of the following but not limited to:

  1. drug and alcohol screening
  2. pre-employment medicals
  3. any occupational health/monitoring medicals
  4. medical related to the mining industry
  5. functional assessments
  6. audiometry assessments
  7. injury management
  8. national rail safety medicals
  9. work fitness medicals
  10. injury management
  11. rehabilitation services
  12. assessing fitness to drive medicals
  13. immunisation and other health services
  14. manual handling and training services

Collection of your personal information allows us to conduct our business generally and for us to provide our services to you, including purposes necessary or incidental to the provision of services to you, or any purpose that you may reasonably expect, for any purpose authorised by law or required to comply with our legal obligations, or for other purposes disclosed to or authorised by you. This may include disclosure to organisations that provide us with support services and professional advice. The collection will be fair, lawful and not intrusive. The nature of this information will vary according to your relationship with the business and the work we are performing. 

Unless one of the limited exemptions under the Privacy Act 1988 applies, we will only collect your sensitive information if you consent to such collection, and if such sensitive information is reasonably necessary for one or more of our functions or activities. We may also collect your personal information for the purpose of informing you about our services or products. We will not use your sensitive information for this purpose without your consent, and you may decline to receive any marketing information from us at any time by following the opt-out instructions provided in such marketing material.

Type of Information Collected

We will, if it is reasonable or practicable to do so, collect your personal information from you. Personal information may include your name, date of birth, postal and email addresses, phone numbers, credit or debit card details. You may also be asked to complete questionnaires related to your previous employment history, occupational health history and past medical history to enable us to conduct our occupational Health Services with you. Personal Information may include any information which you advise us of, either verbally or in writing. On occasion, with your consent, we may need to collect information from your medical and other health practitioner/s regarding your health status to enable the completion of your health assessment or service. We may collect information which is relevant to your general health such as medication use, and any doctors or specialists whom you have been treated by.

Disclosure of your personal information

Subject to the particular restrictions on sensitive information, we may disclose your personal information to:

  1. any person you consent to receive your information
  2. your treating doctor, GP or medical specialist
  3. your treating or referred health professional eg; physiotherapist, occupational therapist, podiatrist, audiologist, optometrist
  4. your employer or prospective employer
  5. Safework NSW / iCare and other insurers or safe work regulatory bodies related to employee claims
  6. providers of pathology and other diagnostic services
  7. our contractors or the contractors of your employer or prospective employer engaging our services to you. This may include other medical practitioners and health professionals
  8. anyone to whom we are required by law to disclose your personal information. 

Your Personal Information will only be disclosed for the primary purpose for which it was provided, or for a secondary purpose related to the primary purpose (or in the case of Sensitive Information directly related), unless you consent otherwise or where we are permitted to do so by law. Your information will only be disclosed for the purpose for which it was provided and including purposes necessary or incidental to the provision of services to you, or any purpose that you may reasonably expect, or for any other purpose authorised by law or required to comply with our legal obligations, or for any other purpose disclosed to or authorised by you. This may include disclosure to organisations that provide us with support services and professional advice. We will provide personal information to third parties where we are required to by law, where it is reasonable for us to do as part of providing services to you, where our advisors request it or where you have expressly asked us to do so. 

We will hold your Personal Information for as long as is required to fulfill the purposes for which it was collected or as required by law. We will take reasonable steps to destroy or de-identify any Personal Information about you once the information is no longer required for the purposes for which it was collected or as authorised or required by law. We require that organisations which we have contracted to supply us services, for the purpose of supplying you with our services, have in place reasonable safeguards to protect your Personal Information subject to the APPs. When providing your personal information to us you are consenting to this Privacy Policy and to the collection, use and disclosure provisions described in this Privacy Policy.

Provision of Personal Information about another person

You should only provide us with the personal information of another person if you have that person’s expressed authority and consent to do so. You should also take reasonable steps to inform them of the existence of and the matters set out in this Privacy Policy. If you provide us with the personal information of another person you imply that you have obtained the authority of that person and notified that person of this Privacy Policy.

Protecting your personal information (Eligible Data Breach)

We store information using a number of methods including in paper and electronic form. We take reasonable steps to protect your personal information from misuse, loss, unauthorised access, modification or disclosure. If a suspected eligible data breach occurs in respect of your Personal Information, we will notify you and the Office of the Australian Information Commissioner. An eligible data breach occurs when there is unauthorised access to personal information where a reasonable person would conclude that such a breach is likely to cause serious harm to the individual to whom the information relates, and where the privacy entity has not been able to prevent the likely risk of that harm.

Accuracy of your personal information

We make every effort to ensure your personal information is accurate, complete and up to date. Please contact us if you believe your personal information is not accurate, complete or up to date (see contact details below). If we do not have accurate Personal Information pertaining to you, any report of ours may not be accurate or may not be able to be finalised/completed.

Gaining access to your personal information

You can gain access to your personal information subject to exceptions allowed by law as follows:

  1. access would pose a serious threat to life or health of an individual;
  2. access would have an unreasonable impact on the privacy of others frivolous or vexatious request;
  3. the information relates to a commercially sensitive decision making process access would be unlawful;
  4. access would prejudice enforcement activities relating to criminal activities and other breaches of law, public revenue, a security function or negotiations with you; or
  5. where a third party has given us health information about you in confidence. The request must be in writing, state the name and the address of the individual making the request, sufficiently identify the health information to which access is sought, and specify the form in which the individual wishes the information to be provided, being a form outlined by the HRIP Act (paper, electronic or in person). Refer to the HRIP Act for more information.

Response to request for access

Happy Health must respond to a request for access within 45 days after receiving the request by providing access to the information or refusing access to the information.

If we deny access to your information

We will provide you with reasons Any request for access to your personal information must be made in writing. Photo identification will be required and an access fee may be payable. Except where some legal restrictions might apply, you will be provided with access to any Personal Information.

Sensitive Information

During the course of business we may be required to collect Sensitive Information about individuals, which may include information about your health (including genetic information), racial or ethnic origin, political opinions or memberships, religious or philosophical affiliations or criminal record. Collection of any Sensitive Information will be done in accordance with the APP’s and the Privacy Act. We will only disclose Sensitive Information that we may collect or hold about you for the purposes for which it was collected, or for directly related purposes you would reasonably expect us to use it for, or if you have expressly consented to that disclosure, or if we are otherwise authorised or compelled by law or a court order to disclose that Sensitive Information.

You can deal with us anonymously

Where it is lawful and practicable you can deal with us anonymously. For example, if you have a complaint or concern about our site, or a general question about any of our products, you are welcome to contact us without identifying yourself. In some cases, if you do not provide us with this information we may not be able to fully provide you with our services or respond adequately to you.

Transborder Data Flow

There may be occasions when personal information is transferred outside of Australia. Generally, this will occur in the provision of services to you and the transfer of this information outside of Australia will have been disclosed to, and authorised by, you as part of the terms of our engagement. When transferring personal information outside Australia, we will comply with the requirements of the Privacy Act that relate to transborder data flows. Where the international transfer of personal information outside is to countries whose privacy laws may be considered as to not provide the same level of protection as Australia, our commitments to safeguard your privacy will not change and remains subject to existing obligations and this Policy. As part of provision of the services to you we may store your personal information using online or cloud software. 

The personal information that you provide to us may be transferred to the servers of our software providers as a function of transmission across the internet. By providing your personal information you are consenting to that personal information being transferred to and stored on the servers as set out in this Privacy Policy. The third parties who host our servers do not control and are not permitted to access or use your personal information (except for the limited purpose of storing the information) and we do not “disclose” personal information to those server hosts, whether or not they are located overseas. Notwithstanding the above, for the purpose of transparency we advise that the servers of our software providers are currently located in Australia however this location may change without prior notice to you. Your personal information may be routed through, and stored on, those servers. If the location of those servers changes in the future, we will update this Privacy Policy.

Your credit information and credit eligibility information

The Privacy Act 1988 classifies credit information as, certain information relating to goods and services supplied on terms which allow payment to be deferred for a period of time more than seven days. If we provide you (or an entity related to you) with credit, we may also collect and hold credit information and credit eligibility information about you. Without limitation this may include credit reports, identification information, consumer credit liability information (e.g. information relating to amounts payable to us and the terms of the relevant credit), as well as information relating to payments made and default payment information.

Changes to our privacy policy

We reserve the right to make changes to this privacy policy at any time. We will notify you of any such variations or amendments by publishing the updated Privacy Policy on our website. You should review this Privacy Policy periodically so that you are updated on any changes.

To Contact us

If you wish to contact us about your personal information or make a complaint about possible breaches of your privacy, you should direct enquires to:

Happy Health Pty Ltd Unit 2/13 Arnott St Edgeworth NSW 2285
Telephone: 02 4965 8199 Or Email: hello@happyhealth.com.au

The Privacy Officer will deal with your inquiry or complaint as soon as is reasonably practicable.

Complaints may also be made directly to the Office of the Australian Information Commissioner by visiting the website: https://www.oaic.gov.au/privacy/privacy-complaints


APPs means the Australian Privacy Principles in the Privacy Act 1988 (Cth)

Health Information means information or an opinion about your health status or any disability you may have, your expressed wishes about the future provision of health services to you, other personal information collected to provide a health service to you, certain genetic information or information in relation to donation of your organs.

Health Service means any activity related to your health including various medical related assessments, records of those assessments, diagnosis, treatment, and/or dispensing of medications.

Personal Information means information or an opinion about a specific individual or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information is recorded in material form or not.

Sensitive Information means information or an opinion about your racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record or health information.

”We”, “our”, “us” means Happy Health Pty Ltd “You” means any person whose personal information we collect.